PDA

Просмотр полной версии : Virus on Computer


glatham311
18.09.2010, 03:56
I have a virus and I can't destroy it. Please advise! I've attached zip file from Virus Removal Tool.
olejah
18.09.2010, 10:25
Close/unload all the programs

Switch off:
- Antivirus and, if you have - Firewall.

- Execute following script (http://virusinfo.info/showthread.php?t=9207) in Manual Healing


begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
QuarantineFile('C:\Users\User\AppData\Local\Temp\4 036982825.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\b 90a9.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\c md.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\e cxawnsrom.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\i pm1h.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\m sllhsjn.dll','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\p 95tukvqyc2h.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\s ysedit.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\s ystem.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\w in32.exe','');
DeleteFile('C:\Users\User\AppData\Local\Temp\win32 .exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','Lvifiejlq+');
DeleteFile('C:\Users\User\AppData\Local\Temp\syste m.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','Lvifiejlud');
DeleteFile('C:\Users\User\AppData\Local\Temp\sysed it.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','Lvifiejlupc');
DeleteFile('C:\Users\User\AppData\Local\Temp\p95tu kvqyc2h.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','LvifiejlOyfcr\AppData\Local\Temp\p95tukvqyc2h.e xe');
DeleteFile('C:\Users\User\AppData\Local\Temp\msllh sjn.dll');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','byivqr');
DeleteFile('C:\Users\User\AppData\Local\Temp\ipm1h .exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','LvifiejloL');
DeleteFile('C:\Users\User\AppData\Local\Temp\ecxaw nsrom.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','ecxawnsrom.exe');
DeleteFile('C:\Users\User\AppData\Local\Temp\cmd.e xe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','Lvifiejlkc');
DeleteFile('C:\Users\User\AppData\Local\Temp\b90a9 .exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','LvifiejlJL');
DeleteFile('C:\Users\User\AppData\Local\Temp\40369 82825.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Run ','Lvifiejl82zer\AppData\Local\Temp\4036982825.exe ');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing


begin
CreateQurantineArchive('C:\quarantine.zip');
end.

- Upload the C:\quarantine.zip here: upload_virus_eng. (http://virusinfo.info/upload_virus_eng.php?tid=83713)
- Make a new log file and Attach a new log to your new post..